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In the Claims 



The status of ! claims in the case is as follows 



1. [Currently amended] A computer implemented method for 
detecting denial of service attacks, comprising the steps 
of: 

issuing a bit; encoded login challenge in response to a 
login request I to said computer from a requester of 
services ; and j 

i 

responsive tojan incorrect response to said challenge, 

! 

said computer I placing said requester in a state of 
limited service* 



2 . [Currently amended] The computer implemented method of 
claim 1, further cdmip^rising the steps of: 

i 

i 

filtering out j to said state of limited service 

iterative connection requests from a network address of 

j 

a hacker device. 
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3. [Currently amended] The computer implemented method of 
claim 1, further comprising the step of: 

responsive to! speed, latency and average queuing 
network delay j of connection requests, detecting and 

placing in a state of limited service repetitive login 

i 

requests from; a hacker device. 

i 

4 . [Currently amended] The computer implemented method of 
claim 3, further comprising the steps of: 

determining from said speed, latency and average 
queuing network delay a time-out value; and 

detecting as a request from a hacker device a request 

that does not j complete within said time-out value, 

i 

5. [Currently amended] The computer implemented method of 

claim 1, further comprising the steps of : 

I 

issuing further challenges to subsequent requests for 
service from said requester and selectively responding 
to successful ! responses by continuing service at the 
same or improved level and to unsuccessful responses by 
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further reduction or complete denial of service- 

6. [Currently amended] The computer implemented method of 
claim l # further comprising the steps of: 

periodically issuing said challenges throughout 
connection to|a requester successfully responding. 

7 . [Currently amended] The computer implemented method of 

i 

claim I, comprising the step of issuing said bit -mapped 
challenge as logon ! image from which a user must select or 
enter a response* 

8 . [Currently am4nded] The computer implemented method of 
claim 7, further comprising the step of occasionally 
shifting the input jarea for a valid response to said 
challenge . 

9. [Currently attended] The computer implemented method of 
claim 1, further comprising the step of slowing acceptance 
from and response tio systems in a degraded service category. 

10. [Currently amended] The computer implemented method of 
claim 1, further comprising the step of counterattacking by 
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executing a denial lof service response to attacking systems. 

i 

11. [Currently amended] A computer implemented method for 
detecting denial of service attacks, comprising the steps 
of: | 

i 

executing a bit -encoded challenge- response login 
procedure and: a network probing test frame transmission 

and analysis procedure to detect a hacker denial of 

j 

service attack; 



said network probing test frame transmission and 
analysis procedure including defining a signature of 
discrete speed, streaming speed, and latency of the 
connecting device failing said bit-encoded challenge- 
response login procedure, and adding said signature to 

a router based filter for filtering out login requests 

i 

from said hacker responsive to said signature; and 

; 

responsive to j detecting said denial of service attack, 
placing said hacker in a lower level of service state. 

i 

12, [Canceled] j 

13 . [Canceled] 
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14 * [Canceled] 

15, [Currently amended] A computer implemented method for 
detecting denial of service attacks, comprising the steps 
of: 

selecting sending and receiving probative test packets 

i 

through a network; 



responsive to 



said packets, determining network 



evaluation parameters for said network; 

i 

i 

responsive to j said network evaluation parameters, 
determining presence of network denial of service 
attacks, said j network evaluation parameters including 

response time land throughput characteristics of said 

j 

network, said j throughput characteristics including 

i 

capacity, utilization, and performance; and 

j 

executing a challenge -response procedure to discourage 
and repel eaicji attacks. 

; 
i 

16- [Currently amended] The computer implemented method of 
claim 15, further ctoniprising the steps of: 
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determining a 



latency and speed fingerprint of an 



offending device; 

i 

responsive to! said fingerprint, operating a router 
filtering system to reject packets from said offending 
device. 

17. [Currently amended] The computer implemented method of 

I 

claim 16, said fingerprint comprising a rhythm of 
transmissions of discrete, burst, and stream packets. 

i 

18. [Currently amended] A computer system for detecting 
and responding to denial of service attacks, comprising: 

•I 

i 

a test station for identifying a zombie source of said 
deniai of service attack; 

i 

a low quality | server for serving said zombie source; 

i 

and 

i 
t 
t 
i 

!* 

a high quality server for serving legitimate sources of 

i 

request for services . 



19. [Currently amended] The computer system of claim 18 , 

: 

i 
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further comprising: 

a load balance server for directing said zombie source 
to said low quality server. 

20. [Currently amended] The computer system of claim 19, 
said zombie source! being [[an]] a server addressable on an 
Internet containing trojan-horse code. 

21. [Currently amended] The computer system of claim 18, 
said test station performing testing by use of ICMP pings to 
identify said zombie source* 

22. [Currently amended] The computer system of claim 21/ 
said test station further for determining patterns of 

traffic generated by well-known attack scripts for 

i 
i 

subsequent use in identifying said zombie source. 

, i 

23. [Currently am4nded] The computer system of claim 21, 

I 

said test station further for determining a timeout value 
for completion of 4 login request for freeing control blocks 
responsive to a lo^in request which does not complete within 
said timeout value j 

i 
j 
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24. [Currently amended] A computer implemented probative 
test and analysis rhethod for detecting and responding to 
denial of service Attacks on a network resource , comprising 
the steps of : 

creating a terjiplate of attack patterns; 

determining historical, current/ and predicted states 

I 

of said network for each of a plurality of types of 
network traffic;. 

i 

responsive to jsaid attack patterns, determining if a 
spike in netwqrk traffic is a distributed denial of 
service attack and, if. so, determining its source; and 

i 

j 

denying full service to sources associated with said 
service attack. 

i 

25. [Currently amended] The computer implemented method of 
claim 24, further comprising the steps of: 

determining uriique speed and latency network attachment 
characteristics of devices attempting to connect to 

said network resource; and 

i 
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responsive to! detect ion of an abusive behavior from a 
said device, responding to subsequent requests for 
service from $aid device by denying said full service 
to said devic^- 

26. [Currently amended] A computer program product st o rage 
d e vic e readabl e by j a ma c hin e / tangibly embudying a p ro g ram 
o f instructions e x ec utabl e by a machine to perform m e thod 

st ep s for detecting denial of service attacks ,- aaid m e thod 

i 

! 

stejpa comprising: 



a computer readable medium? 



first program 



encoded login 



instructions to issuing issue a bit 



challenge in response to a login request 



from a requester of services; I [and] ] 



second program instructions, responsive to an incorrect 



response to s4id challenge, pla c in g to place said 

! 

requester in 4 state of limited service ; and wherein 



said first ana second program instructions are recorded 



on said computer readable medium. 
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27. [Canceled] 

28. [Canceled) 

29. [Canceled] 

30. [Currently amended] A computer program product storag e 



d evice readable by 



a machin e , tangibly et nbodying - a - - program 



of ins t ructions e xecutabl e by a machin e to pe rf o rm m e th o d 
steps for detecting denial of service attacks , said ' method 
st e ps comprising: 



a computer read able medium; 



first program 



instructions for executing a network 



probing test £rame transmission and analysis procedure 
to detect a hacker denial of service attack; [[and]] 



second 


procrrar 


l instructions,. 


denial 


of serr 


rice attack, foi 



state of lower level of service ; and wherein 



said first and second program instructions are re corded 



on said computer readable medium. 



31. [Newly added] I A. computer program product for detecting 

i 
i 
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denial of service attacks, comprising; 



a cotnputer readable medium 

first program instructions to selectively send and 
receive probative test packets through a network; 

I 

second program instructions, responsive to said 
packets, to determine network evaluation parameters for 
said network; I 



third program instructions, responsive to said network 
evaluation parameters, to determine presence of network 
denial of service attacks, said network evaluation 
parameters including response time and throughput 
characteristics of said network, said throughput 
characteristics including capacity, utilization, and 
performance; 



fourth program 
response 
attacks ; and 



procedure 
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instructions to execute a challenge - 
to discourage and repel said 



^herein 



said first, second, third, and fourth program 
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instructions 
medium. 



are recorded on said computer readable 



32. [Newly added] 
26, further comprising 



third program 
state of limi 
from a network 



The computer program product of claim 



instructions for filtering out to said 
ted service iterative connection requests 
address of a hacker device; and wherein 



said third program instructions are recorded on said 
computer readable medium. 



33. [Newly added] j The computer program product of claim 
26, further comprising: 



third program 
latency and 
requests , for 
limited servi' 
device; and wherein 



said third 
computer 



END920000185US1 



instructions, responsive to speed, 
erage queuing, network delay of connection 
detecting and placing in a state of 
e repetitive login requests from a hacker 



prcpgram 



readable 



instructions are recorded on said 
medium. 
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34. [Newly added] j The cottqputer program product of claim 

! 

26, further comprising: 



third program 
speed, latency 
time-out value 



fourth program 
from a hacker 
within said t 



instructions for determining from said 
and average queuing network delay a 



instructions for detecting as a request 
device a request that does not complete 
4me-out value; and wherein 



said third and 
on said c 



computer 



35. [Newly added] 
26, further comprii 

third program 
challenges to 
requester and 
responses by 
level and to 
reduction or 



fourth program instructions are recorded 
readable medium. 



The computer program product of claim 
ing: 

instructions for issuing further 
subsequent requests for service from said 
selectively responding to successful 
continuing service at the same or improved 
unsuccessful responses by further 
complete denial of service; and wherein 



END9200O0185US1 



14 of 20 



S/N 09/945,172 



j 

PAGE 16/23 * RCVD AT 0/16/2005 4:34:32 PM [Eastern Daylight Time] * &VR:U8PTO-EFXRF-6/29 * DN!S:2738300 * CSID:276 238 1545 * DURATION (mm-ss): 06-26 



Sep 16 2005 16:19 Attorney at Law 



276 238-1545 



said third 
computer 



program instructions are recorded on said 
readable medium. 



36. [Newly added] 
26, further comprising 



The computer program product of claim 



third program 
said challenges 
successfully 



instructions for periodically issuing 
throughout connection to a requester 
Responding; and wherein 



said third prcbgram instructions are recorded on said 
computer readable medium. 



37. [Newly added] 
26, further comprising 



third program 
challenge as \ 
or enter a 



said third 
computer 



38. [Newly added] 



END920000185US1 



The computer program product of claim 



instructions for issuing said bit -mapped 
ogon image from which a user must select 
; and wherein 



response 



prcbgram instructions are recorded on said 
readcJble medium. 



The computer program product of claim 
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37 , further comprising 



fourth program 
the input are 
and wherein. 



said fourth 
computer 



program instructions are recorded on said 
readable medium. 



39. [Newly added] 
26, further comprising 



third program 
and response 
and wherein. 



said third 
computer 



40, [Newly added] 
26, further comprising 



third program 
executing a 

END920000185US1 



instructions for occasionally shifting 
for a valid response to said challenge; 



The computer program product of claim 



instructions for slowing acceptance from 
systems in a degraded service category; 



to 



program 



readable 



instructions are recorded on said 
medium. 



The computer program product of claim 



instructions for counterattacking by 
denial of service response to attacking 
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systems; and Wherein 



said third 
computer 



program 



readable 



instructions are recorded on said 
medium. 



0 
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